From 22a60a46b62fb74c2319384b50f3039f8b85e76b Mon Sep 17 00:00:00 2001
From: Brian Woods
Date: Wed, 22 Sep 2021 15:59:59 -0700
Subject: Change Xen load order to enable Secure Boot

Secure boot on uboot expects the last PE image loaded be the signed
image used.  Simply move Xen to the bottom of the load order (other than
device trees and bitstreams) and it enables Xen to boot.

Signed-off-by: Brian Woods <brian.woods@xilinx.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
---
 scripts/uboot-script-gen | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/scripts/uboot-script-gen b/scripts/uboot-script-gen
index 3359404..e14ee32 100755
--- a/scripts/uboot-script-gen
+++ b/scripts/uboot-script-gen
@@ -372,11 +372,6 @@ function linux_config()
 
 xen_file_loading()
 {
-    check_compressed_file_type $XEN "executable"
-    kernel_addr=$memaddr
-    kernel_path=$XEN
-    load_file "$XEN" "host_kernel"
-
     check_compressed_file_type $DOM0_KERNEL "executable"
     dom0_kernel_addr=$memaddr
     load_file $DOM0_KERNEL "dom0_linux"
@@ -425,6 +420,13 @@ xen_file_loading()
         fi
         i=$(( $i + 1 ))
     done
+
+    # secure boot on uboot expects the last PE image loaded to be the
+    # signed secureboot image used
+    check_compressed_file_type $XEN "executable"
+    kernel_addr=$memaddr
+    kernel_path=$XEN
+    load_file "$XEN" "host_kernel"
 }
 
 linux_file_loading()
-- 
cgit v1.2.3